Complying With HIPAA, Privacy Laws, and Exceptions During a Public Health Crisis

Mr. Shah advises clients on privacy, cybersecurity, and data protection laws and regulations, as well as healthcare fraud and abuse matters and government investigations relating to health information technology. He counsels clients on digital health and data asset management strategies and related compliance issues. Mr. Shah’s work focuses on defense and counseling of healthcare entities on legal and regulatory compliance issues around privacy, cybersecurity, and data asset management. He has extensive experience with legal issues related to health information technology, big data analytics, and digital health strategies. He provides compliance counseling, establishes and evaluates compliance programs, conducts privacy and security risk assessments, establishes compliant contracting strategies to build trust networks, and responds to data breaches. Mr. Shah is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance, an organization that provides training to develop and maintain effective security programs for healthcare and life sciences companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements. He is also recognized by the Healthcare Information and Management Systems Society as a Certified Professional in Healthcare Information and Management Systems (CPHIMS). Mr. Shah is also recognized by the International Association of Privacy Professionals as a Certified Information Privacy Professional in the United States.

Ms. Metnick is a partner in the Corporate Practice Group in the firm's Chicago office and a member of the Healthcare and Privacy & Cybersecurity Teams. She represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. Ms. Metnick advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. She is the founder and leader of Sheppard Mullin Healthy AI, which is an initiative focused on legal issues relates to the use of AI in healthcare. Ms. Metnick counsels healthcare clients on issues relating to AI, including governance, contractual matters, and data related issues. She advises clients on a range of privacy and security laws, including HIPAA and other federal and state privacy laws. Ms. Metnick also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. She is a Certified Information Privacy Professional/United States (CIPP/ US) and a Certified Information Privacy Professional/Europe (CIPP/E).

Ms. Klein is a leading practitioner on privacy and data protection matters, with a special emphasis on the health and life sciences sectors. She has been recognized by The Legal 500 US in the cyber law (including privacy and data protection) category from 2019 through 2022. She has focused on privacy and data protection law for more than 20 years. Ms. Klein assists clients with issues arising under state and federal privacy, security and data breach notification laws and regulations. These include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Section 5 of the Federal Trade Commission (FTC) Act, the FTC Health Breach Notification Rule (HBNR) and myriad state privacy, security and breach notification laws, including the California Consumer Privacy Act (CCPA) and California Confidentiality of Medical Information Act (CMIA). Ms. Klein has examined privacy and data protection issues arising in a broad array of settings, ranging from hospitals to professional sports, including medical device and pharmaceutical companies, developers of health-related apps, and leading-edge technology companies.